TW201630378A - Key splitting - Google Patents

Publication number: TW201630378A
Authority: TW (Taiwan)
Prior art keywords: key, data, mask, data processing, processing case
Application number: TW104134051A
Other languages: Chinese (zh)
Other versions: TWI597960B (en)
Inventor: 史塔特 哈伯, 立群 程
Original Assignee: 惠普發展公司有限責任合夥企業

Classifications

    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H04L12/417 Bus networks with decentralised control with deterministic access, e.g. token passing
    • H04L12/4625 Single bridge functionality, e.g. connection of two networks over a single bridge
    • H04L9/008 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0877 Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L2209/04 Masking or blinding

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Storage Device Security (AREA)

Abstract

According to an example, key splitting may include utilizing a masked version of a master key that is masked by using a mask.

Description

Key splitting technique

The present invention relates to a key splitting technique.

Background of the invention

Encryption is a method of encoding information so that the encrypted information can be read by an authorized entity. In encryption, the information, typically referred to as plaintext, is encrypted using an encryption method. The encrypted information is called ciphertext. To read the ciphertext, a key is typically used to decrypt it.

According to an embodiment of the present invention, there is provided a non-transitory computer-readable medium having stored thereon machine-readable instructions to provide key splitting, the machine-readable instructions, when executed, causing at least one processor to: generate a master key; generate a random mask; generate a masked version of the master key by using the random mask; forward the masked version of the master key to a key manager; in response to forwarding the masked version of the master key, receive a new mask from the key manager; and determine a data key based on the new mask and the random mask.

100: key splitting system
102: data processing case generation module
104: data processing case
106: data owner
108: master key
110: virtual key management module
112: data repository
114: data
116: data repository key generation module
118: data processing case key generation module
120: previously stored object retrieval module
122: random mask
200: data processing case generation protocol
202-212, 302-314, 402-414, 502-514, 602-612, 702-712: blocks
300: data repository key generation protocol
400: data processing case key generation protocol
500: previously stored object retrieval protocol
600, 700: methods
800: computer system
802: processor
804: communication bus
806: main memory
808: secondary data storage device
810: I/O device
812: network interface
820: key splitting module

The features of the present disclosure are illustrated by way of example and not limitation in the following figures, in which like reference numerals indicate like elements: FIG. 1 illustrates the architecture of a key splitting system according to an embodiment of the present disclosure; FIG. 2 illustrates a flowchart of a data processing case generation protocol for the key splitting system of FIG. 1, according to an embodiment of the present disclosure; FIG. 3 illustrates a flowchart of a data repository key generation protocol for the key splitting system of FIG. 1, according to an embodiment of the present disclosure; FIG. 4 illustrates a flowchart of a data processing case key generation protocol for the key splitting system of FIG. 1, according to an embodiment of the present disclosure; FIG. 5 illustrates a flowchart of a previously stored object retrieval protocol for the key splitting system of FIG. 1, according to an embodiment of the present disclosure; FIG. 6 illustrates a key splitting method according to an embodiment of the present disclosure; FIG. 7 illustrates further details of the key splitting method according to an embodiment of the present disclosure; and FIG. 8 illustrates a computer system according to an embodiment of the present disclosure.

Detailed description of the preferred embodiment

For simplicity and illustrative purposes, the present disclosure is described mainly by reference to examples. In the following detailed description, numerous specific details are set forth to provide a thorough understanding of the disclosure. It will be readily apparent, however, that the disclosure may be practiced without limitation to these specific details. In other instances, some methods and structures have not been described in detail so as not to unnecessarily obscure the disclosure.

Throughout the present disclosure, the terms "a" and "an" are intended to denote at least one of a particular element. As used herein, the term "includes" means includes but is not limited to, and the term "including" means including but not limited to. The term "based on" means based at least in part on.

Symmetric keys for encrypting and decrypting data typically involve using the same cryptographic key for both encryption of plaintext and decryption of ciphertext. With symmetric keys, the keys are typically identical, or there may be a transformation between the two keys. Asymmetric keys for encrypting and decrypting data typically comprise two separate keys, one of which is secret (or private) and one of which is public. For encryption and decryption of data, key splitting typically involves splitting a key, or splitting the decryption process, into two or more parts, so that no part can be used by itself unless the key is reconstructed by bringing all of the parts together.

An authentication process may include determining whether received data is the data that was sent. The authentication process may also include verifying the authenticity of data by using, for example, hash-based message authentication (HMAC) and other verification techniques.

Key management may include management of keys used for encryption, decryption, or authentication of data, and/or used to generate additional keys. For example, for key management, each master key and its corresponding collection of encrypted data items may be placed under the control of a single data owner. This type of key management may be used as part of a computing system that provides cryptographic services using symmetric-key cryptographic mechanisms (which include symmetric encryption and symmetric authentication processes). For such symmetric-key-based cryptographic services, the sender and receiver of a message, or the author and reader of a stored file, typically share the same specific encryption/decryption key or the same specific authentication key, or one of each. Access to such keys may be managed by a key manager that may include key splitting capability.

As described herein, key splitting typically involves splitting a key, or splitting the decryption process, into two or more parts, so that no part by itself can be used to reconstruct the key. Instead, the parts may need to be combined to reconstruct the key. Key splitting thus gives a data owner (hereinafter denoted U, or user U) control over aspects such as encryption, decryption, or authentication of data by preventing other entities from determining the key or the decryption procedure.

For key splitting, the data owner U may use a key manager (hereinafter denoted P) to manage the keys used for data protection. The data owner U may create ephemeral data processing cases that provide data protection (the particular i-th data processing case is denoted A_i). For example, an ephemeral data processing case may perform encryption or decryption on a set of data on behalf of the data owner U, and the ephemeral data processing case may be discarded afterwards. The key manager may not be trusted to know key values.

In some embodiments, communication with the key manager P may use a partially homomorphic encryption technique, such as ElGamal encryption. ElGamal encryption is an asymmetric key encryption method for public-key cryptography based on the Diffie-Hellman key exchange. Other types of encryption techniques may also be used for communication with the key manager P.

For key splitting, the data owner U may create a master key (hereinafter denoted K). The specific keys used on behalf of the data owner to manage data objects (i.e., portions of the data owned by the user) may be derived from the master key K. To handle the specific keys for individual data objects, the data owner U may initiate the creation of an ephemeral data processing case A_i, and may send the master key K, encrypted under the key manager's public key, to the data processing case A_i. The data processing case A_i may generate a random mask γ_i.

The data processing case A_i may use the homomorphic property of an asymmetric key encryption method to combine an encryption of the random mask γ_i with the encryption of the master key K. The homomorphic property refers to a form of encryption that allows specific types of computation to be carried out on ciphertext and produces an encrypted result which, when decrypted, matches the result of the operations performed on the original plaintext used to generate the ciphertext. In this embodiment, the ciphertext produced by combining the encryption of the random mask γ_i with the encryption of the master key K is an encryption of K*γ_i (i.e., the product of K and γ_i). The ciphertext of K and γ_i may be determined in the underlying group structure of the asymmetric key encryption method that has the homomorphic property (e.g., the group G for ElGamal encryption). The data processing case A_i may send this ciphertext to the key manager P. The data processing case A_i may also record the value of the random mask γ_i.

The random mask γ_i may be used as a mask shared by the key manager P and the ephemeral instantiation of the data processing case. The random mask γ_i may be shared implicitly, in that the key manager P does not know the value of γ_i. The key manager P thus invokes the use of the random mask γ_i through implicit knowledge rather than explicit knowledge. The key manager P may use a secret key to decrypt the masked master key (i.e., the ciphertext of K and γ_i) to obtain the value K*γ_i (i.e., the product of K and γ_i), and store this value for use in communicating with the data processing case A_i.

Keys for encryption, decryption, and/or other authentication of individual data objects may take the form α_j/K, where α_j is a random value, such that the data processing case A_i knows the key, while the key manager P knows α_j and stores α_j as the mask for this key. For example, the key manager may choose a random value α_j and send α_j/(K*γ_i) to the data processing case A_i, which knows γ_i, so that the data processing case can compute [α_j/(K*γ_i)]*γ_i to recover α_j/K. These values α_j, K, and γ_i, and all the related operations, may be in the underlying group that has the homomorphic property (e.g., the group G for ElGamal encryption). The method described above for generating a specific key for an individual data object can be used later, after the data processing case A_i no longer exists, to allow the key manager P to enable a newly created data processing case to recover the key, using the original mask for the key α_j/K and a new value of γ_i as the mask shared with the new data processing case.

According to embodiments, a key splitting system and a method for key splitting are disclosed herein. For key splitting, the system and method can generally use any secure communication system, without requiring homomorphic encryption. Non-limiting examples of secure communication systems include systems that use secure asymmetric encryption techniques, such as RSA, elliptic curve cryptography, etc. Homomorphic encryption is generally described as a form of encryption that allows specific types of computation to be carried out on ciphertext and produces an encrypted result which, when decrypted, matches the result of operations performed on the plaintext. Avoiding the need for homomorphic encryption can reduce computational cost (e.g., processing time, storage, energy use, etc.). For example, asymmetric key encryption methods that have the homomorphic property can be computationally expensive because they rely on relatively long group elements (e.g., 2048 bits in length), compared with the relatively short bit strings (e.g., 128 or 256 bits in length) that can be used with the example systems and methods disclosed herein.

For the example systems and methods disclosed herein, the random mask γ_i may be chosen by the data owner (i.e., the data owner U may select a random value for the mask γ_i), so that asymmetric encryption techniques can be used for key splitting. As the term data owner U is used herein, the functions described as performed by the data owner U, and the information associated with the data owner U, may be performed by and associated with a data owner computing device. In general, for the systems and methods disclosed herein, the data owner U may select a random mask γ_i, encrypt γ_i*K under the key manager's public key, and send the plaintext together with the random mask γ_i to the data processing case A_i. The "*" symbol may denote any operation, such as XOR, multiplication, addition, etc. The data processing case A_i may record the random mask γ_i and forward the ciphertext to the key manager P, which may decrypt and record γ_i*K. As the term key manager P is used herein, the functions described as performed by the key manager P, and the information associated with the key manager P, may be performed by and associated with a data owner computing device.

For the example systems and methods disclosed herein, the values K, γ_i, and α_j may be bit strings of appropriate length, that is, elements of a group of fixed-length bit strings with bitwise XOR as the group operation. The operations K*γ_i, α_j/K, etc. of the key splitting service described above may be operations in this convenient group. The length of the keys may be chosen according to the cryptographic service whose keys are being managed (e.g., the details of the encryption, decryption, or authentication method).
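The masking arithmetic described above (α_j/(K*γ_i) sent by P, unmasked with γ_i to give α_j/K) can be run end to end in the XOR group, where "*" and "/" are both bitwise XOR. This is an added example, not code from the patent: the class and method names are hypothetical, and the public-key encryption and TLS channel between the parties are assumed and left out so that only the split itself is shown.

```python
import secrets

KEY_LEN = 32  # 256-bit strings, the length the text uses as its example


def xor(a: bytes, b: bytes) -> bytes:
    """Group operation '*' instantiated as bitwise XOR; XOR is its own inverse, so '/' is XOR too."""
    if len(a) != len(b):
        raise ValueError("operands must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


class KeyManager:
    """P: holds only masked values, never K or a data key in the clear."""

    def __init__(self):
        self.masked_master = {}  # case id i -> K xor gamma_i
        self.alphas = {}         # key id j  -> alpha_j, the mask for data key j

    def register_case(self, case_id, masked_master):
        if len(masked_master) != KEY_LEN:
            raise ValueError("masked master key has the wrong length")
        self.masked_master[case_id] = masked_master

    def retire_case(self, case_id):
        # An ephemeral case is gone: drop the value tied to its mask.
        self.masked_master.pop(case_id, None)

    def new_key(self, case_id, key_id):
        """Pick a fresh alpha_j and hand the case alpha_j / (K * gamma_i)."""
        if key_id in self.alphas:
            raise KeyError("key id already in use")
        self.alphas[key_id] = secrets.token_bytes(KEY_LEN)
        return self.reissue(case_id, key_id)

    def reissue(self, case_id, key_id):
        """Re-mask a stored alpha_j for whichever case is currently registered."""
        return xor(self.alphas[key_id], self.masked_master[case_id])


class ProcessingCase:
    """A_i: short-lived, knows gamma_i only."""

    def __init__(self, case_id, gamma):
        self.case_id = case_id
        self.gamma = gamma

    def unmask(self, blob):
        # [alpha_j / (K * gamma_i)] * gamma_i = alpha_j / K, the data key
        return xor(blob, self.gamma)


class DataOwner:
    """U: the only party that holds the master key K."""

    def __init__(self):
        self.master_key = secrets.token_bytes(KEY_LEN)

    def start_case(self, case_id, manager):
        gamma = secrets.token_bytes(KEY_LEN)  # fresh mask for every case
        manager.register_case(case_id, xor(self.master_key, gamma))
        return ProcessingCase(case_id, gamma)


def demo():
    """Create a data key in case 1, discard the case, recover the key in case 2."""
    owner, manager = DataOwner(), KeyManager()
    case1 = owner.start_case(1, manager)
    key_first = case1.unmask(manager.new_key(1, "obj-7"))  # "obj-7" is a made-up key id
    manager.retire_case(1)
    del case1
    case2 = owner.start_case(2, manager)
    key_again = case2.unmask(manager.reissue(2, "obj-7"))
    return owner, manager, key_first, key_again


if __name__ == "__main__":
    _, _, first, again = demo()
    print("recovered key matches:", first == again)
```

Since (K xor γ_i) xor γ_i = K, the key manager's stored state together with any single γ_i yields the master key, so each mask has to be discarded with its case and kept out of logs and backups that sit beside the manager's data.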

For the example systems and methods disclosed herein, compared with the use of homomorphic encryption, and assuming that the key length of a secure symmetric-key system is 256 bits, XOR operations on 256 bits are generally more efficient than homomorphic encryption operations. With respect to cryptanalytic techniques, such 256-bit values may be considered secure. As computing power increases (e.g., following Moore's law) and as cryptanalysis improves, these bit lengths may grow slowly. Symmetric key lengths can be expected to remain relatively shorter than asymmetric key lengths. Further, for the example systems and methods disclosed herein, the need to convert a group element α_j/K into a usable symmetric key is also eliminated, because these values can be used directly as bit strings. For example, as elements of a group of fixed-length bit strings with bitwise XOR as the group operation, the values K and α_j may be bit strings of appropriate length.

According to an embodiment, a key splitting system may include at least one processor and a memory storing machine-readable instructions that, when executed by the at least one processor, cause the at least one processor to receive, from an entity (e.g., the data owner U), a master key K associated with data that is to be encrypted, decrypted, or authenticated. A data key S_j used to encrypt, decrypt, or authenticate the data may be derived from the master key K and a mask γ_i, received from the entity, associated with the data. The machine-readable instructions may further forward a version of the master key that is masked by using the mask (e.g., K*γ_i) to the key manager P to manage the data key S_j, and generate a data processing case A_i to use the data key to encrypt, decrypt, or authenticate the data. The machine-readable instructions may further determine the data key S_j used to encrypt, decrypt, or authenticate the data based on a previous data key (e.g., a known S_j) selected by the data processing case A_i.

FIG. 1 illustrates the architecture of a key splitting system 100 (hereinafter also "system 100") according to an embodiment of the present disclosure. Referring to FIGS. 1 and 2, the system 100 is depicted as including a data processing case generation module 102 to generate an instantiation i of a data processing case 104, the i-th instantiation of the data processing case 104 being denoted A_i. The data processing case generation module 102 may implement a data processing case generation protocol 200, as described herein with reference to FIG. 2. The data processing case A_i may be instantiated with the help of a data owner 106 (denoted U), who holds a master key 108 (denoted K), and a virtual key management module 110 (denoted P). The data owner U may also select a random mask 122 (denoted γ_i) to generate a masked version of the master key K, as described herein with reference to the data processing case generation protocol 200. The virtual key management module P, which may be on a system separate from the system containing the data owner U or on the same system as the data owner U, may assist in maintaining various encryption keys across the different instantiations A_i of the data processing case 104. For the data processing case generation protocol 200, no communication may be needed between the data owner U and the virtual key management module P.

To retrieve decrypted data from a data repository 112 that includes data 114, the data owner U may start a data processing case A_i. The data processing case A_i may be ephemeral. The data processing case A_i may be used to interact with the virtual key management module P in order to reconstruct specific keys. State across the different instantiations of the data processing case A_i may be maintained by the data owner U using the same master key K in all instantiations A_i, and by the virtual key management module P storing a masked version of the specific key, S_j*K (where S_j denotes a string representing the j-th specific key used to encrypt, decrypt, authenticate, or verify the authenticity of a data object).

A data repository key generation module 116 of the system 100 may generate a new specific key S_j to encrypt, decrypt, authenticate, or verify the authenticity of the data 114 on the data repository 112. The data repository key generation module 116 may be implemented by the data owner U and/or by the virtual key management module P, but is shown as implemented separately in the example of the system 100 of FIG. 1. As described herein with reference to FIG. 3, the data repository key generation module 116 may implement a data repository key generation protocol 300. The data repository key generation module 116 may provide a blinded (i.e., masked) version of such a specific key S_j for storage and use by the virtual key management module P.

A data processing case key generation module 118 of the system 100 may provide for the data processing case 104 to dynamically generate a specific key S_j and to send a blinded version of the generated key to the virtual key management module P. The data processing case key generation module 118 may be implemented by the data owner U and/or by the virtual key management module P, but is shown as implemented separately in the example of the system 100 of FIG. 1. As described herein with reference to FIG. 4, the data processing case key generation module 118 may implement a data processing case key generation protocol 400.

A previously stored object retrieval module 120 of the system 100 may implement retrieval of a previously stored object from the data repository 112. The previously stored object retrieval module 120 may be implemented by the data owner U and/or by the virtual key management module P, but is shown as implemented separately in the example of the system 100 of FIG. 1. As described herein with reference to FIG. 5, the previously stored object retrieval module 120 may implement a previously stored object retrieval protocol.

For the system 100, the different entities may communicate with one another securely using channels implemented, for example, through Secure Sockets Layer (SSL) or Transport Layer Security (TLS) built on an existing public key infrastructure (PKI). Referring to FIGS. 1-5, the key and mask elements K, S_j, α_j, etc. may be bit strings of appropriate length (i.e., the bit strings used for the cryptographic key processing whose keys are managed by using the key splitting protocols of the system 100), and "+" may be used for exclusive-or (XOR).

FIG. 2 illustrates a flowchart of a data processing instance generation protocol 200 for generating a data processing instance A_i, according to an embodiment of the present disclosure. Although execution of the methods below is described with reference to the system 100 of FIG. 1, other suitable devices for executing these methods will be apparent to those skilled in the art. The method described in the flowchart of FIG. 2, and the methods described in the other figures, may be implemented by one or more of the modules described herein in the form of executable instructions stored on a machine-readable storage medium, such as the memory 806 and/or the secondary data storage device 808 of FIG. 8, and/or in the form of electronic circuitry.

Referring to FIG. 2, at block 202, the data owner U may randomly select the master key K (i.e., select a random value for the master key K). Alternatively, the data owner U may retrieve the master key K from a selection of previously generated keys.

At block 204, the data owner U may select a random mask γ_i (i.e., select a random value for the mask γ_i).

At block 206, the data owner U may send the master key K XOR the random mask γ_i (i.e., K+γ_i) to the virtual key management module P. In other words, the data owner U may send the random mask γ_i in masked form to the virtual key management module P. The master key K may also be selected by the data owner U who owns the data 114.

At block 208, the data owner U may send the random mask γ_i to the data processing instance A_i.

At block 210, the virtual key management module P may store the master key K XOR the random mask γ_i (i.e., K+γ_i). In other words, the virtual key management module P may store the random mask γ_i masked by K, where K+γ_i is determined by a bitwise XOR operation. For the system 100, a non-transitory storage medium may be coupled to the virtual key management module P to store any information related to the virtual key management module P (e.g., K+γ_i, α_j, etc.).

At block 212, the data processing instance A_i may store the random mask γ_i. The random mask γ_i may be used by an ephemeral instantiation of the corresponding data processing instance A_i for operations related to encryption, decryption, authentication, or authenticity verification of data objects. For the system 100, a non-transitory storage medium may be coupled to the data owner U to store any information related to the user and the data processing instance A_i (e.g., γ_i, S_j, etc.).

For the data processing instance generation protocol 200, secrecy of the master key K with respect to the data processing instance A_i may be ensured by the asymmetric encryption technique that is used. Secrecy of the master key K with respect to the virtual key management module P may be ensured on the basis that the mask is randomly selected and is not known to the virtual key management module P.

FIG. 3 illustrates a flowchart of the data repository key generation protocol 300, according to an embodiment of the present disclosure. Based on the setup of the instance-specific mask K+γ_i of the master key K, this instance-specific mask may be used to protect the specific key S_j used for encryption, decryption, authentication, or authenticity verification of stored objects. This may be done by having the data processing instance A_i interact with the virtual key management module P, where the virtual key management module P may store blinded versions of the various specific keys. The data repository key generation protocol 300 may provide the j-th specific key S_j for access by unrelated instantiations of subsequent data processing instances.

Referring to FIG. 3, at block 302, based on blocks 210 and 212 of the data processing instance generation protocol 200 for the data processing instance A_i, the virtual key management module P may retrieve or otherwise receive as input the stored master key K XOR random mask γ_i (i.e., K+γ_i), and the data processing instance A_i may retrieve or otherwise receive as input the stored random mask γ_i.

At block 304, the data processing instance A_i may forward a request to the virtual key management module P to generate a new key with index j. As described herein, the new key with index j may be determined based on a random selection made by the virtual key management module P.

At block 306, the virtual key management module P may randomly select α_j and determine β_ij = α_j XOR (K XOR γ_i) (i.e., β_ij = α_j+(K+γ_i)). For block 306, α_j and β_ij may represent masks used for blinding purposes.

At block 308, the virtual key management module P may send β_ij to the data processing instance A_i.

At block 310, the data processing instance A_i may determine the j-th specific key S_j as β_ij XOR γ_i (which is equal to α_j XOR K).

At block 312, the data processing instance A_i may store the j-th specific key S_j.

At block 314, the virtual key management module P may store α_j (which is equal to S_j XOR K).

For the data repository key generation protocol 300, the string S_j output by the data processing instance A_i may represent the j-th specific key S_j. In some embodiments, instead of using the key S_j directly to process data, the key S_j may be fed as input to a key derivation function (KDF), whose output is used as the data processing key. In this manner, related-key attacks on the data stored by the virtual key management module P may be avoided, where that data includes values such as K+S_1, K+S_2, ..., K+S_j.

FIG. 4 illustrates a flowchart of the data processing instance key generation protocol 400, according to an embodiment of the present disclosure.

Referring to FIG. 4, at block 402, based on blocks 210 and 212 of the data processing instance generation protocol 200 for the data processing instance A_i, the virtual key management module P may retrieve or otherwise receive as input the stored master key K XOR random mask γ_i (i.e., K+γ_i), and the data processing instance A_i may retrieve or otherwise receive as input the stored random mask γ_i.

At block 404, the data processing instance A_i may forward a request to the virtual key management module P for a new key with index j. As described herein, the new key with index j may be determined based on a random selection made by the data processing instance A_i.

At block 406, the data processing instance A_i may randomly select the j-th specific key S_j and determine β_ij = S_j XOR γ_i (i.e., β_ij = S_j+γ_i).

At block 408, the data processing instance A_i may forward β_ij to the virtual key management module P.

At block 410, the virtual key management module P may determine α_j as β_ij XOR (K XOR γ_i) (i.e., α_j = β_ij+(K+γ_i)).

At block 412, the data processing instance A_i may store the j-th specific key S_j.

At block 414, the virtual key management module P may store α_j (which is equal to S_j XOR K).

For the data processing instance key generation protocol 400, the string S_j output by the data processing instance A_i may represent the j-th specific key S_j. In some embodiments, instead of using the key S_j directly to process data, the key S_j may be fed as input to a KDF, whose output is used as the data processing key. In this manner, related-key attacks on the data stored by the virtual key management module P may be avoided, where that data includes values such as K+S_1, K+S_2, ..., K+S_j.

FIG. 5 illustrates a flowchart of a previously stored object retrieval protocol 500 for retrieving a previously stored (i.e., older) object from the data repository 112, according to an embodiment of the present disclosure.

At block 502, based on blocks 210 and 212 of the data processing instance generation protocol 200 for the data processing instance A_i, the virtual key management module P may retrieve or otherwise receive as input the stored master key K XOR random mask γ_i (i.e., K+γ_i), and the data processing instance A_i may retrieve or otherwise receive as input the stored random mask γ_i.

At block 504, the virtual key management module P may retrieve or otherwise receive α_j as input, where α_j is presumed to have been generated by a previous instantiation of the data processing instance, denoted A_i'.

At block 506, the data processing instance A_i may forward a request to the virtual key management module P to request the previously generated key with index j. As described herein, the previously generated key with index j may be determined based on a random selection by the data processing instance A_i.

At block 508, the virtual key management module P may retrieve α_j and determine β_ij = α_j XOR (K XOR γ_i) (i.e., β_ij = α_j+(K+γ_i)).

At block 510, the virtual key management module P may forward β_ij to the data processing instance A_i.

At block 512, the data processing instance A_i may determine the j-th specific key S_j as β_ij XOR γ_i (i.e., S_j = β_ij+γ_i).

At block 514, the data processing instance A_i may store the j-th specific key S_j. In some embodiments, instead of using the key S_j directly to process data, the key S_j may be fed as input to a KDF, whose output is used as the data processing key. In this manner, related-key attacks on the data stored by the virtual key management module P may be avoided, where that data includes values such as K+S_1, K+S_2, ..., K+S_j.

For the data repository key generation protocol 300, the data processing instance key generation protocol 400, and the previously stored object retrieval protocol 500, the specific key S_j may be used to derive a plurality of keys, one key for each data object in a set of data objects of the data 114. Each of the derived keys may be symmetric or asymmetric. The keys derived from the specific key S_j may be determined so as to form a hierarchical structure or tree structure. Taking as an example the key hierarchy of a Trusted Platform Module (TPM), which is an international standard for secure cryptoprocessors, each node (in the tree) may include two keys, one symmetric and the other asymmetric.
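The exchanges of protocols 200, 300, 400 and 500 can be traced end to end in the following added example, which is not part of the patent text. The class and function names, the 32-byte length, and the use of HMAC-SHA256 as the KDF are assumptions of the example.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # bytes; assumed length for K, the masks and the specific keys


def xor(a: bytes, b: bytes) -> bytes:
    """The text's "+": bitwise XOR of two equal-length bit strings."""
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


class KeyManager:
    """Virtual key management module P: stores only blinded values."""

    def __init__(self):
        self.masked_master = {}  # i -> K+gamma_i      (block 210)
        self.alpha = {}          # j -> alpha_j = S_j+K (blocks 314 / 414)

    def register(self, i, k_plus_gamma):
        self.masked_master[i] = k_plus_gamma

    def new_key(self, i, j):
        """Protocol 300, blocks 306-314: P picks alpha_j, returns beta_ij."""
        if j in self.alpha:
            raise KeyError(f"index {j} already in use")
        self.alpha[j] = secrets.token_bytes(KEY_LEN)
        return xor(self.alpha[j], self.masked_master[i])

    def accept_key(self, i, j, beta_ij):
        """Protocol 400, blocks 410-414: P derives alpha_j from beta_ij."""
        if j in self.alpha:
            raise KeyError(f"index {j} already in use")
        self.alpha[j] = xor(beta_ij, self.masked_master[i])

    def retrieve(self, i, j):
        """Protocol 500, blocks 508-510: re-blind alpha_j for instance i."""
        return xor(self.alpha[j], self.masked_master[i])


class Instance:
    """Data processing instance A_i: holds gamma_i, never K itself."""

    def __init__(self, i, gamma, manager):
        self.i, self.gamma, self.manager = i, gamma, manager

    def request_new_key(self, j):
        # Protocol 300, block 310: S_j = beta_ij + gamma_i
        return xor(self.manager.new_key(self.i, j), self.gamma)

    def generate_key(self, j):
        # Protocol 400, blocks 406-408: A_i picks S_j, sends beta_ij = S_j + gamma_i
        s_j = secrets.token_bytes(KEY_LEN)
        self.manager.accept_key(self.i, j, xor(s_j, self.gamma))
        return s_j

    def fetch_key(self, j):
        # Protocol 500, block 512: S_j = beta_ij + gamma_i
        return xor(self.manager.retrieve(self.i, j), self.gamma)


def create_instance(master_key, i, manager):
    """Protocol 200, blocks 204-212, run by the data owner U."""
    gamma = secrets.token_bytes(KEY_LEN)
    manager.register(i, xor(master_key, gamma))
    return Instance(i, gamma, manager)


def data_processing_key(s_j: bytes, context: bytes) -> bytes:
    """KDF step from the text; HMAC-SHA256 is this example's stand-in KDF."""
    return hmac.new(s_j, b"data-processing-key|" + context, hashlib.sha256).digest()


def demo():
    K = secrets.token_bytes(KEY_LEN)   # block 202
    P = KeyManager()
    a1 = create_instance(K, 1, P)      # ephemeral instantiation A_1
    a2 = create_instance(K, 2, P)      # later, unrelated instantiation A_2
    s1 = a1.request_new_key(1)         # protocol 300
    s2 = a1.generate_key(2)            # protocol 400
    dk1 = data_processing_key(s1, b"object-1")
    dk2 = data_processing_key(s2, b"object-2")
    return {
        # A_2 has a different mask but recovers the same keys (protocol 500)
        "retrieved": a2.fetch_key(1) == s1 and a2.fetch_key(2) == s2,
        # what P keeps on disk is S_j + K, never S_j or K alone
        "alpha_is_s_plus_k": P.alpha[1] == xor(s1, K) and P.alpha[2] == xor(s2, K),
        # K cancels between P's stored values: alpha_1 + alpha_2 = S_1 + S_2
        "stored_values_related": xor(P.alpha[1], P.alpha[2]) == xor(s1, s2),
        # keys taken from the KDF no longer carry that XOR relation
        "kdf_breaks_relation": xor(dk1, dk2) != xor(s1, s2),
    }


if __name__ == "__main__":
    print(demo())
```

The `stored_values_related` check shows why the text feeds S_j to a KDF rather than using it directly: the values P stores differ from one another by exactly the XOR of the underlying specific keys.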

The modules and other elements of the system 100 may be machine-readable instructions stored on a non-transitory computer-readable medium. In this regard, the system 100 may include or be a non-transitory computer-readable medium. In addition, or alternatively, the modules and other elements of the system 100 may be hardware or a combination of machine-readable instructions and hardware.

FIGS. 6 and 7 respectively illustrate flowcharts of methods 600 and 700 for key splitting, corresponding to the example of the key splitting system 100 whose construction is described in detail herein. The methods 600 and 700 may be implemented on the key splitting system 100 with reference to FIGS. 1-5, by way of example and not limitation. The methods 600 and 700 may be practiced in other systems.

Referring to FIG. 6, for the method 600, at block 602, the method may include generating a master key. For example, referring to FIGS. 1 and 2, at block 202, the data owner U may generate the master key K.

At block 604, the method may include generating a random mask. For example, referring to FIGS. 1 and 2, at block 204, the data owner U may generate the random mask γ_i (i.e., generate a random value for the mask γ_i).

At block 606, the method may include generating a masked version of the master key by using the random mask. For example, referring to FIGS. 1 and 2, the data owner U may generate the master key K XOR the random mask γ_i (i.e., K+γ_i).

At block 608, the method may include forwarding the masked version of the master key to a key manager. For example, referring to FIGS. 1 and 2, at block 206, the data owner U may forward the master key K XOR the random mask γ_i (i.e., K+γ_i) to the virtual key management module P.

At block 610, in response to forwarding the masked version of the master key, the method may include receiving a new mask from the key manager. For example, referring to FIGS. 1-3, at block 308, the data processing instance A_i may receive β_ij from the virtual key management module P.

At block 612, the method may include determining a data key based on the new mask and the random mask. For example, referring to FIGS. 1-3, at block 310, the data processing instance A_i may determine the j-th specific key S_j as β_ij XOR γ_i (which is equal to α_j XOR K).

According to an embodiment, for the method 600, generating the masked version may include using an XOR, addition, or multiplication operation to generate the masked version of the master key (e.g., see block 206 of FIG. 2).

According to an embodiment, for the method 600, determining the data key based on the new mask and the random mask may include determining the data key based on an XOR operation between the new mask and the random mask (e.g., see block 310 of FIG. 3).

According to an embodiment, for the method 600, the new mask may be based on a random selection of another mask (e.g., α_j) by the key manager and on the masked version of the master key (e.g., see block 306 of FIG. 3).

According to an embodiment, the method 600 may further include generating a data processing instance to encrypt, decrypt, or authenticate the data using the data key. For example, referring to FIG. 1, the data processing instance generation module 102 may generate an instantiation i of the data processing instance 104, with the i-th instantiation of the data processing instance 104 denoted A_i.

According to an embodiment, for the method 600, generating the data processing instance may further include generating an ephemeral instantiation of the data processing instance to encrypt, decrypt, or authenticate the data using the random mask and the data key, and utilizing another ephemeral instantiation of the data processing instance that uses another random mask and another data key to encrypt, decrypt, or authenticate additional data.

According to an embodiment, for the method 600, the data may include a set of data objects, and the method 600 may further include using the data key to derive a plurality of data keys, where each data key of the plurality of data keys corresponds to an individual data object of the set of data objects. For example, referring to FIGS. 1-5, with respect to the data repository key generation protocol 300, the data processing instance key generation protocol 400, and the previously stored object retrieval protocol 500, the specific key S_j may be used to derive a plurality of keys, where each data key of the plurality of data keys corresponds to an individual data object of the set of data objects.

Referring to FIG. 7, for the method 700, at block 702, the method may include generating a master key at an entity that is related to data. For example, referring to FIGS. 1 and 2, at block 202, the data owner U may generate the master key K.

At block 704, the method may include generating a mask at the entity that is related to the data. For example, referring to FIGS. 1 and 2, at block 204, the data owner U may generate the mask γ_i.

At block 706, the method may include generating a masked version of the master key by using the mask. For example, referring to FIGS. 1 and 2, the data owner U may generate the master key K XOR the mask γ_i (i.e., K+γ_i).

At block 708, the method may include forwarding the masked version of the master key to a key manager. For example, referring to FIGS. 1 and 2, the data owner U may forward the master key K XOR the mask γ_i (i.e., K+γ_i) to the virtual key management module P.

At block 710, the method may include receiving a new mask from the key manager, where the new mask is related to a previous data key. For example, referring to FIGS. 1, 2, and 5, at block 510, the data processing instance A_i may receive β_ij from the virtual key management module P, where β_ij is related to the previous data key S_j.

At block 712, the method may include determining the previous data key based on the new mask and the mask generated at the entity that is related to the data. For example, referring to FIGS. 1, 2, and 5, at block 512, the data processing instance A_i may determine the j-th specific key S_j as β_ij XOR γ_i (i.e., S_j = β_ij+γ_i).

According to an embodiment, for the method 700, the data may include a set of data objects, and the method 700 may further include using the previous data key to derive a plurality of data keys, where each data key of the plurality of data keys corresponds to an individual data object of the set of data objects. For example, referring to FIGS. 1-5, with respect to the data repository key generation protocol 300, the data processing instance key generation protocol 400, and the previously stored object retrieval protocol 500, the specific key S_j may be used to derive a plurality of keys, where each data key of the plurality of data keys corresponds to an individual data object of the set of data objects.

According to an embodiment, the method 700 may further include generating a data processing instance to encrypt, decrypt, or authenticate the data using the data key. For example, referring to FIG. 1, the data processing instance generation module 102 may generate an instantiation i of the data processing instance 104, with the i-th instantiation of the data processing instance 104 denoted A_i.

According to an embodiment, for the method 700, generating the mask at the entity that is related to the data may further include generating a random mask at the entity that is related to the data. For example, referring to FIGS. 1 and 2, at block 204, the data owner U may generate the random mask γ_i (i.e., generate a random value for the mask γ_i).

According to an embodiment, for the method 700, the data may include an index. The new mask may be related to the previous data key by the index of the data. For example, referring to FIGS. 1, 2, and 5, at block 506, the data processing instance A_i may forward a request to the virtual key management module P to request the previously generated key with index j (i.e., the index of the data). The new mask β_ij may be related to the previous data key S_j by the index j of the data.

According to another embodiment of the key splitting method, key splitting may include receiving a masked version (e.g., K+γ_i) of the master key K (e.g., see block 206 of FIG. 2). The master key K may be masked by a mask γ_i generated at an entity that is related to data (e.g., the data owner U) (e.g., see block 204 of FIG. 2). Key splitting may further include receiving a new mask β_ij that is based on a selection of a previous data key S_j and further based on the mask γ_i generated at the entity that is related to the data (e.g., see blocks 406 and 408 of FIG. 4). A further new mask α_j may be determined based on the new mask β_ij, which is based on the selection of the previous data key S_j, and based on the masked version of the master key (e.g., see block 410 of FIG. 4). According to an embodiment, the new mask may be based on a random selection of the previous data key S_j (e.g., see block 406 of FIG. 4). According to an embodiment, the further new mask may be determined based on an XOR operation between the new mask β_ij and the masked version of the master key (e.g., K+γ_i) (e.g., see block 410 of FIG. 4).

FIG. 8 shows a computer system 800 that may be used with the examples described herein. The computer system 800 may represent a generic platform that includes components that may be in a server or another computer system. The computer system 800 may be used as a platform for the system 100. The computer system 800 may execute, by a processor (e.g., a single processor or multiple processors) or other hardware processing circuit, the methods, functions and other processes described herein. These methods, functions and other processes may be embodied as machine-readable instructions stored on a computer-readable medium, which may be non-transitory, such as hardware storage devices (e.g., random access memory (RAM), read-only memory (ROM), erasable programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), hard drives, and flash memory).

The computer system 800 may include a processor 802 that may implement or execute machine-readable instructions performing some or all of the methods, functions and other processes described herein. Instructions and data from the processor 802 may be communicated over a communication bus 804. The computer system may also include a main memory 806, such as random access memory (RAM), where the machine-readable instructions and data for the processor 802 may reside during runtime, and a secondary data storage device 808, which may be non-volatile and stores machine-readable instructions and data. The memory and the data storage device are examples of computer-readable media. The memory 806 may include a key splitting module 820 that includes machine-readable instructions residing in the memory 806 during runtime and executable by the processor 802. The key splitting module 820 may include the modules of the system 100 shown in FIG. 1.

The computer system 800 may include an I/O device 810, such as a keyboard, a mouse, a display, etc. The computer system may include a network interface 812 for connecting to a network. Other known electronic components may be added or substituted in the computer system.

The foregoing disclosure describes a number of examples of key splitting. The disclosed examples may include systems, devices, computer-readable storage media, and methods for key splitting. For purposes of explanation, certain examples are described with reference to the components illustrated in FIGS. 1-8. The functionality of the illustrated components may overlap, however, and may be present in a fewer or greater number of elements or components. Further, all or part of the functionality of the illustrated elements may co-exist or be distributed among several geographically dispersed locations. Moreover, the disclosed examples may be implemented in various environments and are not limited to the illustrated examples.

Further, the sequence of operations described in connection with FIGS. 1-8 is an example and is not intended to be limiting. Additional or fewer operations or combinations of operations may be used or may be varied without departing from the scope of the disclosed examples. Furthermore, implementations consistent with the disclosed examples need not perform the sequence of operations in any particular order. Thus, the present disclosure merely sets forth possible examples of implementations, and many variations and modifications may be made to the described examples. All such variations and modifications are intended to be included within the scope of this disclosure and protected by the following claims.

100: system

102: data processing instance generation module

104: data processing instance

106: data owner

108: master key

110: virtual key management module

112: data repository

114: data

116: data repository key generation module

118: data processing instance key generation module

120: previously stored object retrieval module

122: random mask

Claims (15)

一種非暫態電腦可讀取媒體已經於其上儲存機器可讀取指令用以提供金鑰分裂,該等機器可讀取指令當執行時使得至少一個處理器用以:產生一主金鑰;產生一隨機遮罩;藉使用該隨機遮罩而產生該主金鑰的一經遮罩版本;前傳該主金鑰的該經遮罩版本給一金鑰管理器;回應於前傳該主金鑰的該經遮罩版本,自該金鑰管理器接收一新遮罩;及基於該新遮罩及該隨機遮罩而決定一資料金鑰。 A non-transitory computer readable medium having stored thereon machine readable instructions for providing key splitting, the machine readable instructions, when executed, causing at least one processor to: generate a master key; generating a random mask; by using the random mask to generate a masked version of the primary key; pre-passing the masked version of the primary key to a key manager; in response to forwarding the primary key The masked version receives a new mask from the key manager; and determines a data key based on the new mask and the random mask. 如請求項1之非暫態電腦可讀取媒體,其中用以產生該主金鑰的該經遮罩版本之該等機器可讀取指令包含指令用以:使用一互斥或(XOR)、一加法、及一乘法運鼻中之一者以產生該主金鑰的該經遮罩版本。 The non-transitory computer readable medium of claim 1, wherein the machine readable instructions for generating the masked version of the primary key comprise instructions for: using a mutually exclusive or (XOR), One of the additions, and one of the multipliers to produce the masked version of the primary key. 如請求項1之非暫態電腦可讀取媒體,其中用以基於該新遮罩及該隨機遮罩而決定該資料金鑰之該等機器可讀取指令包含指令用以:基於該新遮罩與該隨機遮罩間之一互斥或(XOR)運算而決定該資料金鑰。 The non-transitory computer readable medium of claim 1, wherein the machine readable instructions for determining the data key based on the new mask and the random mask include instructions for: based on the new mask The data key is determined by a mutually exclusive or (XOR) operation between the mask and the random mask. 如請求項1之非暫態電腦可讀取媒體,其中該新遮罩係 藉該金鑰管理器及該主金鑰的該經遮罩版本對另一遮罩的一隨機選擇。 The non-transitory computer readable medium of claim 1 wherein the new mask is A random selection of the mask by the key manager and the masked version of the master key. 
5. The non-transitory computer readable medium of claim 1, further comprising machine readable instructions to: generate a data processing instance to use the data key to encrypt, decrypt, or authenticate the data.
6. The non-transitory computer readable medium of claim 5, wherein the machine readable instructions to generate the data processing instance comprise instructions to: generate an ephemeral instantiation of the data processing instance to use the random mask and the data key to encrypt, decrypt, or authenticate the data; and utilize another ephemeral instantiation of a data processing instance that uses another random mask and another data key to encrypt, decrypt, or authenticate further data.
7. The non-transitory computer readable medium of claim 1, wherein the data comprises a set of data objects, and wherein the machine readable instructions further comprise instructions to: use the data key to derive a plurality of data keys, wherein each data key of the plurality of data keys corresponds to a respective data object of the set of data objects.
8. A key splitting system comprising: at least one processor; and a memory storing machine readable instructions that, when executed by the at least one processor, cause the at least one processor to: receive a masked version of a master key, wherein the master key is masked by using a mask generated at an entity associated with data; receive a new mask that is based on a selection of a previous data key and is further based on the mask generated at the entity associated with the data; and determine a further new mask based on the new mask that is based on the selection of the previous data key, and based on the masked version of the master key.
9. The key splitting system of claim 8, wherein the new mask is based on a random selection of the previous data key.
10. The key splitting system of claim 8, wherein the machine readable instructions to determine the further new mask further cause the at least one processor to: determine the further new mask based on an exclusive-or (XOR) operation between the new mask and the masked version of the master key.
11. A method for key splitting, the method comprising: generating, by a computer system comprising a physical processor, a master key at an entity associated with data; generating, by the computer system comprising the physical processor, a mask at the entity associated with the data; generating, by the computer system comprising the physical processor, a masked version of the master key by using the mask; forwarding, by the computer system comprising the physical processor, the masked version of the master key to a key manager; receiving, by the computer system comprising the physical processor, a new mask from the key manager, wherein the new mask is related to a previous data key; and determining, by the computer system comprising the physical processor, the previous data key based on the new mask and the mask generated at the entity associated with the data.
12. The method of claim 11, wherein the data comprises a set of data objects, and wherein the method further comprises: using, by the computer system comprising the physical processor, the previous data key to derive a plurality of data keys, wherein each data key of the plurality of data keys corresponds to a respective data object of the set of data objects.
13. The method of claim 11, further comprising: generating, by the computer system comprising the physical processor, a data processing instance to use the data key to encrypt, decrypt, or authenticate the data.
14. The method of claim 11, wherein generating the mask at the entity associated with the data further comprises: generating, by the computer system comprising the physical processor, a random mask at the entity associated with the data.
15. The method of claim 11, wherein the data comprises an index, and wherein the new mask is related to the previous data key by the index of the data.
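The exchange in claims 1, 3 and 4, with the ephemeral instances of claim 6 and the per-object keys of claim 7, sketched in Python as an added example that is not code from the patent. The class names, the 32-byte key length, the key manager combining its randomly selected share with the masked master key by XOR, and HMAC-SHA256 as the derivation function are assumptions.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # bytes; an assumption, the claims do not fix a key size


def xor(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


class KeyManager:
    """Hypothetical key manager: holds its own share, never the master key."""

    def __init__(self):
        self._share = secrets.token_bytes(KEY_LEN)  # randomly selected mask
        self.seen = []  # masked master keys received, kept to inspect its view

    def new_mask(self, masked_master: bytes) -> bytes:
        self.seen.append(masked_master)
        return xor(self._share, masked_master)  # assumed XOR combination


class DataProcessingInstance:
    """Ephemeral instance at the data-owning entity; fresh random mask per run."""

    def __init__(self, master_key: bytes, manager: KeyManager):
        random_mask = secrets.token_bytes(KEY_LEN)
        masked_master = xor(master_key, random_mask)  # claim 2, XOR variant
        new_mask = manager.new_mask(masked_master)    # forward, then receive
        self.data_key = xor(new_mask, random_mask)    # claim 3

    def object_key(self, object_id: str) -> bytes:
        # Per-object key (claim 7); HMAC-SHA256 is an assumed derivation.
        return hmac.new(self.data_key, object_id.encode(), hashlib.sha256).digest()


def run_demo():
    master_key = secrets.token_bytes(KEY_LEN)
    manager = KeyManager()
    first = DataProcessingInstance(master_key, manager)
    second = DataProcessingInstance(master_key, manager)  # new mask, same key
    return master_key, manager, first, second
```

Under these assumptions the data key equals the master key XOR the manager's share, so every ephemeral instance recomputes the same key while the manager only ever receives the master key under a fresh mask.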
TW104134051A 2014-10-27 2015-10-16 Key splitting TWI597960B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/US2014/062407 WO2016068847A1 (en) 2014-10-27 2014-10-27 Key splitting

Publications (2)

Publication Number Publication Date
TW201630378A (en) 2016-08-16
TWI597960B (en) 2017-09-01

Family

ID=55857973

Family Applications (1)

Application Number Title Priority Date Filing Date
TW104134051A TWI597960B (en) 2014-10-27 2015-10-16 Key splitting

Country Status (4)

Country Link
US (1) US11563566B2 (en)
EP (1) EP3213457A4 (en)
TW (1) TWI597960B (en)
WO (1) WO2016068847A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10015152B2 (en) * 2014-04-02 2018-07-03 International Business Machines Corporation Securing data in a dispersed storage network
EP3119031A1 (en) * 2015-07-16 2017-01-18 ABB Schweiz AG Encryption scheme using multiple parties
CN107493166A (en) * 2016-06-13 2017-12-19 阿里巴巴集团控股有限公司 The storage and read method of a kind of private key, device and server
US10754970B2 (en) 2017-01-27 2020-08-25 International Business Machines Corporation Data masking
TWI665901B (en) * 2017-12-25 2019-07-11 亞旭電腦股份有限公司 Encryption method and decryption method

Family Cites Families (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1312593C (en) 1999-09-01 2007-04-25 松下电器产业株式会社 Dispensing system, semiconductor storing card, receiving device, computer readable recording medium and receiving method
US7640432B2 (en) * 2000-12-11 2009-12-29 International Business Machines Corporation Electronic cash controlled by non-homomorphic signatures
DE602005002349T2 (en) 2005-05-10 2008-01-17 Research In Motion Ltd., Waterloo Key masking for cryptographic processes
US20140201526A1 (en) 2005-11-16 2014-07-17 Shelia Jean Burgess System, method, and apparatus for data, data structure, or encryption key cognition incorporating autonomous security protection
FR2893796B1 (en) * 2005-11-21 2008-01-04 Atmel Corp ENCRYPTION PROTECTION METHOD
JP4905000B2 (en) * 2006-09-01 2012-03-28 ソニー株式会社 Cryptographic processing apparatus, cryptographic processing method, and computer program
US8468345B2 (en) 2009-11-16 2013-06-18 Microsoft Corporation Containerless data for trustworthy computing and data services
KR101139630B1 (en) 2010-12-09 2012-05-30 한양대학교 산학협력단 Apparatus and method for generating identification key
US8699702B2 (en) * 2011-01-10 2014-04-15 Apple Inc. Securing cryptographic process keys using internal structures
US8494154B2 (en) * 2011-06-20 2013-07-23 Bae Systems Information And Electronic Systems Integration Inc. Cryptographic ignition key system
US8848906B2 (en) 2011-11-28 2014-09-30 Cleversafe, Inc. Encrypting data for storage in a dispersed storage network
US9009567B2 (en) * 2011-12-12 2015-04-14 Cleversafe, Inc. Encrypting distributed computing data
JP5711681B2 (en) * 2012-03-06 2015-05-07 株式会社東芝 Cryptographic processing device
JP5612007B2 (en) * 2012-03-15 2014-10-22 株式会社東芝 Encryption key generator
EP2829010B1 (en) * 2012-03-20 2020-11-04 Irdeto B.V. Updating key information
US8976960B2 (en) 2012-04-02 2015-03-10 Apple Inc. Methods and apparatus for correlation protected processing of cryptographic operations
US20140007189A1 (en) * 2012-06-28 2014-01-02 International Business Machines Corporation Secure access to shared storage resources
JP6357158B2 (en) * 2012-10-12 2018-07-11 Koninklijke Philips N.V. Secure data processing with virtual machines
US9467425B2 (en) * 2013-03-18 2016-10-11 Intel Corporation Key refresh between trusted units
CN104166822B (en) * 2013-05-20 2017-10-13 阿里巴巴集团控股有限公司 A kind of method and apparatus of data protection
IL228523A0 (en) * 2013-09-17 2014-03-31 Nds Ltd Private data processing in a cloud-based environment
CA2949020C (en) * 2014-06-23 2018-09-04 Porticor Ltd. Methods and devices for key management in an as-a-service context
US20160105535A1 (en) 2014-10-08 2016-04-14 Intel Corporation Systems and methods for signal classification

Also Published As

Publication number Publication date
US20170222800A1 (en) 2017-08-03
EP3213457A4 (en) 2018-06-13
WO2016068847A1 (en) 2016-05-06
TWI597960B (en) 2017-09-01
EP3213457A1 (en) 2017-09-06
US11563566B2 (en) 2023-01-24
